Petya ransomware campaign impacting organisations globally
The ACSC is aware of a global ransomware campaign, Petya. Ransomware is malicious software that makes data or systems unusable until the victim makes a payment.
We are working to confirm reports of two affected companies in Australia and we are reaching out to offer assistance. We are working with our international counterparts to understand the scope and impact.
Early reports indicate the Petya ransomware appears to leverage the same vulnerability as WannaCry.
- Patch/update systems immediately, including Microsoft operating systems. Using unpatched and unsupported software increases the risk of cyber security threats such as ransomware.
- Back up your data. If you do not have backups in place, you can arrange to use an off-site backup service. This is good practice for all users.
- Ensure your antivirus software is up-to-date.
- Individuals and organisations should not pay the ransom. Reports indicate that the contact email address provided in the ransom message has been disabled, which means the files are highly unlikely to be recovered by paying the ransom.
All organisations - large and small - need to examine their cyber security posture and have arrangements in place to protect the security of their information systems.
The Australian Cyber Security Centre has advised that, if you are affected by the Petya ransomware incident, you should contact your service provider immediately. Small businesses can contact ACORN (Australian Cybercrime Online Reporting Network). Large organisations are advised to follow their normal procedures and report to the Australian Cyber Security Centre (ACSC) via the number 1300 CYBER1.
We continue to monitor the situation closely for any impact and will provide updates as necessary.
Organisations can minimise the risk of being infected by exploits taking advantage of unpatched vulnerabilities by following the Australian Signals Directorate's Strategies to Mitigate Cyber Security Incidents. These strategies include, but are not limited to:
- patching operating systems and applications to the latest versions
- backing up important data on a daily basis to an offsite location
- implementing application whitelisting to prevent execution of untrusted code
- restricting administrator privileges.
Further ASD advice, such as the Essential Eight Explained, Detecting Socially-Engineered Emails, Minimising Admin Privileges Explained and Application Whitelisting Explained, is available from the ASD Publications page.